
Apache Software Foundation — Vulnerabilities & Security Advisories (1674)

Browse all 1674 CVE security advisories affecting Apache Software Foundation. Each vulnerability has an AI-powered Chinese-language analysis, PoCs, and references.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
-------------- | ----- | ------- | --- | ---- | -------- | ---------
CVE-2024-52046 | Apache MINA: MINA applications using unbounded deserialization may allow RCE | Apache MINA | CWE-502 | 9.8 | - | 2024-12-25
CVE-2024-43441 | Apache HugeGraph-Server: Fixed JWT Token(Secret) | Apache HugeGraph-Server | CWE-302 | 9.8 | - | 2024-12-24
CVE-2024-45387 | Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments | Apache Traffic Control | CWE-89 | 9.9 | Critical | 2024-12-23
CVE-2024-23945 | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails | Apache Hive | CWE-209 | 8.2 | - | 2024-12-23
CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | Apache Tomcat | CWE-367 | 8.1 | - | 2024-12-20
CVE-2024-56128 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption | Apache Kafka | CWE-303 | 7.5 | - | 2024-12-18
CVE-2024-54677 | Apache Tomcat: DoS in examples web application | Apache Tomcat | CWE-400 | 7.5 | - | 2024-12-17
CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | Apache Tomcat | CWE-367 | 8.1 | - | 2024-12-17
CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | Apache Superset | CWE-863 | 8.8 | - | 2024-12-12
CVE-2024-53677 | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks | Apache Struts | - | 9.8 | - | 2024-12-11
CVE-2024-53949 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | Apache Superset | CWE-863 | 8.8 | - | 2024-12-09
CVE-2024-53948 | Apache Superset: Error verbosity exposes metadata in analytics databases | Apache Superset | CWE-209 | 5.3 | - | 2024-12-09
CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | Apache Superset | CWE-89 | 9.8 | - | 2024-12-09
CVE-2024-46901 | Apache Subversion: mod_dav_svn denial-of-service via control characters in paths | Apache Subversion | CWE-20 | 3.1 | Low | 2024-12-09
CVE-2022-41137 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore | Apache Hive | CWE-502 | 8.8 | - | 2024-12-05
CVE-2024-45106 | Apache Ozone: Improper authentication when generating S3 secrets | Apache Ozone | CWE-287 | 6.8 | - | 2024-12-03
CVE-2024-52338 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file | Apache Arrow R package | CWE-502 | 9.8 (AI) | Critical (AI) | 2024-11-28
CVE-2024-51569 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler | Apache NimBLE | CWE-125 | 7.1 (AI) | High (AI) | 2024-11-26
CVE-2024-47250 | Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access | Apache NimBLE | CWE-125 | 7.5 (AI) | High (AI) | 2024-11-26
CVE-2024-47249 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler | Apache NimBLE | CWE-129 | 6.5 (AI) | Medium (AI) | 2024-11-26
CVE-2024-47248 | Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack | Apache NimBLE | CWE-120 | 9.8 (AI) | Critical (AI) | 2024-11-26
CVE-2024-45719 | Apache Answer: Predictable Authorization Token Using UUIDv1 | Apache Answer | CWE-326 | 7.5 | - | 2024-11-22
CVE-2024-52067 | Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log | Apache NiFi | CWE-532 | 4.9 (AI) | Medium (AI) | 2024-11-21
CVE-2024-31141 | Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider | Apache Kafka Clients | CWE-552 | 6.5 (AI) | Medium (AI) | 2024-11-19
CVE-2024-52318 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | Apache Tomcat | - | 8.2 | - | 2024-11-18
CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 | Apache Tomcat | - | 5.3 (AI) | Medium (AI) | 2024-11-18
CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | Apache Tomcat | CWE-391 | 9.1 | - | 2024-11-18
CVE-2024-41151 | Apache HertzBeat: RCE by notice template injection vulnerability | Apache HertzBeat | CWE-502 | 8.8 (AI) | High (AI) | 2024-11-18
CVE-2024-45791 | Apache HertzBeat: Exposure sensitive token via http GET method with query string | Apache HertzBeat | CWE-200 | 7.5 (AI) | High (AI) | 2024-11-18
CVE-2024-45505 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities | Apache HertzBeat | CWE-77 | 8.8 (AI) | High (AI) | 2024-11-18

"(AI)" marks a CVSS score or severity that the page tags as AI-generated rather than taken from the advisory; "-" means the page lists no value.

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.